Environment
Novell Netware 6.5
Situation
Applied support pack
Page not found or Connection Refused when trying to access iManager, eGuide, NetStorage, QuickFinder, or GroupWise Webaccess
Apache for Netware console screen no longer exists
Apache for Netware stops loading for no apparent reason
Can no longer access GroupWise WebAccess web page
Protocol not supported: make_secure_socket:
Apache: Error: "[crit] (10022)Unknown error: make_secure_socket: for port 443, WSAIoctl: (SO_SSL_SET_SERVER)"
make_secure_socket error (10093)
Resolution
Load pkidiag.nlm on the server in order to recreate default server certificates. Login as admin (full context, example: .admin.corp) and choose options 4, 5, 6, and 0. If you are running Netware 6.5 and Tomcat 4.x, be sure run tckeygen.ncf at the server console before rebooting. Otherwise Tomcat may fail to load with the new certificates. If rebooting the server is not an option, you might be able to start and stop Apache (ap2webdn) and Tomcat (tc4stop), then reload them after a few minutes (ap2webup tomcat4). - Make sure NILE.NLM is being loaded. If PORTAL.NLM is loaded, test Remote Manager's secure port. (ie. https://serveraddress:8009) If HTTPSTK.NLM intializes correctly with a valid certificate, Remote Manager should come up on the https secure port. If not, check logger screen for errors when HTTPSTK.NLM loads.
- Load TCPCON | Protocol Information | TCP | View TCP Connections Table Check to see if the IP address or apache ports (defaults are 80, 443) are in use by another application. Check the apache conf file to make sure the SecureListen statements are accurate. NOTE: Typing httpcloseport 80 /silent at the server will force the closure of the http port that may already be in use by httpstk. (Port 80 for this example, but also run this a second time with port 443.)
- Check the versions of Apache. If the server is NetWare 6.5 SP3 or later, the apache version must be 2.0.52 or later. If the version of Apache is not 2.0.52, and the server is SP3 or later, please reinstall Apache from the products overlay CD.
Additional Information
Additional troubleshooting according to OS version.
Netware 6.0
Check for errors on server logger screen when loading apache with nvxadmup. If you see the error "Unknown error: Make_Secure_Socket" either the server certificates can't be used for Apache's secure ports or there is a IP/port conflict. More commonly it is due to certificates. Do the following to resolve:
Load pkidiag.nlm on the server. This will recreate the default server certificates (SSL CertificateIP, SSL CertificateDNS). Login as admin and choose options 4, 5, 6, and 0. Reboot the server.
If still getting the error, reference these TIDs:
Error:"10022 Enabling SSL services for HTTPSTK.NLM -SSL Disabled."
SSL initialization fails when loading HTTPSTK.NLM or the WEB Server.
Check sys:/apache/conf/adminserv.conf file to make sure the SecureListen line is accurate for the server address and port and nothing else on the server is trying to use the same address or port. Follow the first fix if it is certificates. Make sure the certificate specified on the SecureListen line in parentheses is valid. You can test by viewing the properties of the certificate object in the NDS tree, choose Certificates tab, then Public Key Certificate. Check the expiration date and validate.
Netware 6.5
When the Apache2.nlm appears to load but the Apache for Netware screen no longer loads, check the apache log files for the reason why. Look at sys:/apache2/logs/error_logxxxx (most recently modified log) to see if it is a certificate issue. You will see an error similar to "Protocol not supported: make_secure_socket: failed to get a socket for port 443" If there are no errors, open sys:/apache2/logs/startup.err for syntax errors with the httpd.conf file or included conf files.